The GDPR transforms privacy rights for everyone. Without Edward Snowden, it might never have happened.

In June 2013, halfway through the General Data Protection Regulation (GDPR) negotiations, a National Security Agency contractor named Edward Snowden leaked documents on America’s global surveillance. The documents showed that the National Security Agency had backdoor deals with major Silicon Valley companies, allowing them to use consumer data as the basis of their counterintelligence operations.

The leaks catapulted the GDPR into the public spotlight. What had once been a complicated and boring seeming policy about data security and privacy became a story about US spying that members of the EU and their national publics paid attention to. In political science jargon, it gained issue salience. Pro-consumer members of the European Parliament, like Jan Albrecht, capitalized on public attention by condemning the influence of foreign firms in the lobbying process. It’s a problem for European institutions to be captured by European business, but it’s a disaster to be seen as controlled by foreign corporations. Even European corporations were tainted by association – they were seen as having become allies, or even tools of big U.S. tech companies.

[Nikhil Kalyanpur is a PhD candidate in the department of government at Georgetown University. Abraham Newman is a professor in the department of government and the School of Foreign Service at Georgetown University.]